REMARKS/ARGUMENTS

This Amendment is being filed in response to the first Official Action of a Request for 
Continued Examination (RCE) of the present application. The first Official Action of this RCE 
continues to reject all of the pending claims, namely Claims 1-20, under 35 U.S.C. § 102(b) as 
being anticipated by U.S. Patent No. 6,330,562 to Boden et al. As explained below, Applicant 
respectfully submits that the claimed invention is patentably distinct from Boden, and 
accordingly, traverses the respective objection to the drawings and rejection of the claims. 
Nonetheless, Applicant has amended various ones of the claims to further clarify the claimed 
invention. In view of the amendments to the claims and the remarks presented herein, Applicant 
respectfully requests reconsideration and allowance of all of the pending claims of the present 
application. 

Again, Boden discloses a system and method for managing security objects, including a 
data model for abstracting customer-defined VPN security policy information. As disclosed, 
such a model enables a VPN node (computer system existing in a Virtual Private Network) to 
gather policy configuration information for itself through a GUI or some distributed policy 
source. The VPN node can then store the policy configuration information in a system-defined 
database, and use the information to dynamically negotiate, create, delete, and maintain secure 
connections at the IP level with other VPN nodes. 

As currently recited by amended independent Claim 1, for example, a method of creating 
and maintaining a centralized key store includes providing a plurality of security policies, each 
of which includes an application instance identifier associated with a security service. As 
recited, at least two of the application instance identifiers are associated with different security 
services that operate according to different protocols at different layers of a multi-layered 
protocol stack. As also recited, the method further includes creating one or more security 
associations based upon at least one security service associated with at least one application 
instance identifier to thereby create a centralized key store including the security policies and 
security association(s). 

As previously explained, in contrast to independent Claim 1, Boden does not teach or 
suggest a centralized key store with security policies, each of which includes an application 
instance identifier associated with a security service, or one or more security associations created
based upon security service(s) associated with the application instance identifier(s). As 
explained in response to the first Official Action, Boden does disclose abstracting information 
about connections in a VPN environment, such as between a system using TCP/IP and a system 
using IPSec. Boden also discloses dynamically generating security policies (IPSec filter rules), 
such as to accommodate dynamically-assigned IP addresses. In no event, however, does Boden 
disclose applying a security service other than IPSec such that the security policies include 
application instance identifiers associated with security services. The claimed invention, on the 
other hand, recites a centralized key store including a plurality of security policies each of which 
includes an application instance identifier associated with a respective security service, at least 
two of the application instance identifiers being associated with different security services.

In response to the foregoing, the final Official Action appeared to equate application of 
different security policies within Boden as corresponding to different security services, even 
though Boden discloses IPSec as being implemented for the different security policies. In 
accordance with the present invention, on the other hand, IPSec is but one of a number of 
different security services that may be implemented using the claimed centralized key store. 
Thus, and in further contrast to amended independent Claim 1, under no reasonable 
interpretation does Boden teach or suggest application instance identifiers associated with 
different security services that operate according to different protocols. Instead, Boden discloses
different policies that all operate according to the same protocol, i.e., IPSec. 

Now, the first Official Action of this RCE alleges that IPSec does in fact support a 
plurality of security services that operate according to different protocols. As further support, the 
Official Action cites to IETF RFC 2401, Security Architecture for the Internet Protocol 
(describing the IPSec framework). Even if one could argue that the IPSec protocol supports 
different security services according to different protocols, however, Applicant notes that all of 
those services and protocols operate at the network (IP) layer of the TCP/IP protocol stack. As 
now recited by amended independent Claim 1, however, the claimed invention permits different 
services and protocols at different layers of a multilayer protocol stack. As explained in the
specification, these services may include at least IPsec service at the network layer of the TCP/IP 
protocol stack, and Secure Sockets Layer/Transport Layer Security (SSL/TLS) at the application
layer of the TCP/IP protocol stack. See, e.g., Pat. Appl., page 8, lines 8-12. 

Applicant therefore respectfully submits that amended independent Claim 1, and by 
dependency Claims 2-5, are patentably distinct from Boden. Applicant also respectfully submits 
that amended independent Claims 6, 11 and 16 recite subject matter similar to that of amended
independent Claim 1, including the aforementioned centralized key store, and application 
instance identifiers associated with different security services that operate according to different 
protocols at different layers of a multilayer protocol stack. Applicant therefore respectfully 
submits that amended independent Claims 6, 11 and 16, and by dependency Claims 7-10, 12-15
and 17-20, are also patentably distinct from Boden for at least the reasons given above with 
respect to amended independent Claim 1.

For at least the foregoing reasons, Applicant respectfully submits that the rejection of 
Claims 1-20 as being anticipated by Boden is overcome. 

CONCLUSION

In view of the amendments to the claims and the remarks presented above, Applicant 
respectfully submits that the present application is in condition for allowance. As such, the 
issuance of a Notice of Allowance is therefore respectfully requested. In order to expedite the 
examination of the present application, the Examiner is encouraged to contact Applicant's 
undersigned attorney in order to resolve any remaining issues. 

It is not believed that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of 
this paper, such extensions are hereby petitioned under 37 CFR § 1.136(a), and any fee required 
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account No. 16-0605. 